Merge pull request #1644 from JacobBarthelmeh/Compatibility-Layer
add CA when getting chain from X509 store
@@ -8739,6 +8739,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
store->userCtx = ssl->verifyCbCtx;
|
store->userCtx = ssl->verifyCbCtx;
|
||||||
store->certs = args->certs;
|
store->certs = args->certs;
|
||||||
store->totalCerts = args->totalCerts;
|
store->totalCerts = args->totalCerts;
|
||||||
|
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||||
|
if (ssl->ctx->x509_store_pt != NULL) {
|
||||||
|
store->store = ssl->ctx->x509_store_pt;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
store->store = &ssl->ctx->x509_store;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
#if !defined(NO_CERTS)
|
#if !defined(NO_CERTS)
|
||||||
InitX509(x509, 1, ssl->heap);
|
InitX509(x509, 1, ssl->heap);
|
||||||
#if defined(KEEP_PEER_CERT) || \
|
#if defined(KEEP_PEER_CERT) || \
|
||||||
@@ -8822,6 +8831,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
store->userCtx = ssl->verifyCbCtx;
|
store->userCtx = ssl->verifyCbCtx;
|
||||||
store->certs = args->certs;
|
store->certs = args->certs;
|
||||||
store->totalCerts = args->totalCerts;
|
store->totalCerts = args->totalCerts;
|
||||||
|
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||||
|
if (ssl->ctx->x509_store_pt != NULL) {
|
||||||
|
store->store = ssl->ctx->x509_store_pt;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
store->store = &ssl->ctx->x509_store;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
#if !defined(NO_CERTS)
|
#if !defined(NO_CERTS)
|
||||||
InitX509(x509, 1, ssl->heap);
|
InitX509(x509, 1, ssl->heap);
|
||||||
#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
|
#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
|
||||||
@@ -9411,6 +9429,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
store->userCtx = ssl->verifyCbCtx;
|
store->userCtx = ssl->verifyCbCtx;
|
||||||
store->certs = args->certs;
|
store->certs = args->certs;
|
||||||
store->totalCerts = args->totalCerts;
|
store->totalCerts = args->totalCerts;
|
||||||
|
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||||
|
if (ssl->ctx->x509_store_pt != NULL) {
|
||||||
|
store->store = ssl->ctx->x509_store_pt;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
store->store = &ssl->ctx->x509_store;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
#ifdef KEEP_PEER_CERT
|
#ifdef KEEP_PEER_CERT
|
||||||
if (ssl->peerCert.subject.sz > 0)
|
if (ssl->peerCert.subject.sz > 0)
|
||||||
store->current_cert = &ssl->peerCert;
|
store->current_cert = &ssl->peerCert;
|
||||||
@@ -9464,6 +9491,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||||||
store->userCtx = ssl->verifyCbCtx;
|
store->userCtx = ssl->verifyCbCtx;
|
||||||
store->certs = args->certs;
|
store->certs = args->certs;
|
||||||
store->totalCerts = args->totalCerts;
|
store->totalCerts = args->totalCerts;
|
||||||
|
|
||||||
|
if (ssl->ctx->x509_store_pt != NULL) {
|
||||||
|
store->store = ssl->ctx->x509_store_pt;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
store->store = &ssl->ctx->x509_store;
|
||||||
|
}
|
||||||
#ifdef KEEP_PEER_CERT
|
#ifdef KEEP_PEER_CERT
|
||||||
if (ssl->peerCert.subject.sz > 0)
|
if (ssl->peerCert.subject.sz > 0)
|
||||||
store->current_cert = &ssl->peerCert;
|
store->current_cert = &ssl->peerCert;
|
||||||
|
44
src/ssl.c
44
src/ssl.c
@@ -17840,6 +17840,8 @@ void wolfSSL_PKCS12_PBE_add(void)
|
|||||||
|
|
||||||
WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
|
WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
|
||||||
{
|
{
|
||||||
|
WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_chain");
|
||||||
|
|
||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@@ -17858,6 +17860,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
|
|||||||
|
|
||||||
XMEMSET(sk, 0, sizeof(WOLFSSL_STACK));
|
XMEMSET(sk, 0, sizeof(WOLFSSL_STACK));
|
||||||
ctx->chain = sk;
|
ctx->chain = sk;
|
||||||
|
|
||||||
for (i = 0; i < c->count && i < MAX_CHAIN_DEPTH; i++) {
|
for (i = 0; i < c->count && i < MAX_CHAIN_DEPTH; i++) {
|
||||||
WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i);
|
WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i);
|
||||||
|
|
||||||
@@ -17870,9 +17873,41 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
|
|||||||
if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) {
|
if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) {
|
||||||
WOLFSSL_MSG("Unable to load x509 into stack");
|
WOLFSSL_MSG("Unable to load x509 into stack");
|
||||||
wolfSSL_sk_X509_free(sk);
|
wolfSSL_sk_X509_free(sk);
|
||||||
|
wolfSSL_X509_free(x509);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
|
||||||
|
/* add CA used to verify top of chain to the list */
|
||||||
|
if (c->count > 0) {
|
||||||
|
WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, c->count - 1);
|
||||||
|
if (x509 != NULL) {
|
||||||
|
WOLFSSL_X509* issuer = NULL;
|
||||||
|
if (wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, x509)
|
||||||
|
== WOLFSSL_SUCCESS) {
|
||||||
|
/* check that the certificate being looked up is not self
|
||||||
|
* signed and that a issuer was found */
|
||||||
|
if (issuer != NULL && wolfSSL_X509_NAME_cmp(&x509->issuer,
|
||||||
|
&x509->subject) != 0) {
|
||||||
|
if (wolfSSL_sk_X509_push(sk, issuer) != SSL_SUCCESS) {
|
||||||
|
WOLFSSL_MSG("Unable to load CA x509 into stack");
|
||||||
|
wolfSSL_sk_X509_free(sk);
|
||||||
|
wolfSSL_X509_free(issuer);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
WOLFSSL_MSG("Certificate is self signed");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
WOLFSSL_MSG("Could not find CA for certificate");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
}
|
}
|
||||||
#endif /* SESSION_CERTS */
|
#endif /* SESSION_CERTS */
|
||||||
|
|
||||||
@@ -32233,9 +32268,11 @@ int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url)
|
|||||||
ssl->url = url;
|
ssl->url = url;
|
||||||
return WOLFSSL_SUCCESS;
|
return WOLFSSL_SUCCESS;
|
||||||
}
|
}
|
||||||
#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
#endif /* OCSP */
|
||||||
|
#endif /* OPENSSL_ALL / WOLFSSL_NGINX / WOLFSSL_HAPROXY */
|
||||||
|
|
||||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
|
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
|
||||||
|
defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
|
||||||
int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** chain)
|
int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** chain)
|
||||||
{
|
{
|
||||||
word32 idx;
|
word32 idx;
|
||||||
@@ -32471,8 +32508,9 @@ char* wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings,
|
|||||||
return NULL;
|
return NULL;
|
||||||
return strings->data.string;
|
return strings->data.string;
|
||||||
}
|
}
|
||||||
#endif /* HAVE_OCSP */
|
#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
|
||||||
|
|
||||||
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||||
#ifdef HAVE_ALPN
|
#ifdef HAVE_ALPN
|
||||||
void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data,
|
void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data,
|
||||||
unsigned int *len)
|
unsigned int *len)
|
||||||
|
@@ -1707,7 +1707,8 @@ struct WOLFSSL_OCSP {
|
|||||||
WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
|
WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
|
||||||
OcspEntry* ocspList; /* OCSP response list */
|
OcspEntry* ocspList; /* OCSP response list */
|
||||||
wolfSSL_Mutex ocspLock; /* OCSP list lock */
|
wolfSSL_Mutex ocspLock; /* OCSP list lock */
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
|
||||||
|
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||||
int(*statusCb)(WOLFSSL*, void*);
|
int(*statusCb)(WOLFSSL*, void*);
|
||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
@@ -2371,7 +2372,8 @@ struct WOLFSSL_CTX {
|
|||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
|
WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
|
||||||
#endif
|
#endif
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
|
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
|
||||||
|
defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
|
||||||
WOLF_STACK_OF(WOLFSSL_X509)* x509Chain;
|
WOLF_STACK_OF(WOLFSSL_X509)* x509Chain;
|
||||||
#endif
|
#endif
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
|
@@ -2839,7 +2839,8 @@ WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, int (*)(
|
|||||||
WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc));
|
WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_OCSP
|
#if defined(HAVE_OCSP) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
|
||||||
|
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||||
WOLFSSL_API int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx,
|
WOLFSSL_API int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx,
|
||||||
WOLF_STACK_OF(X509)** chain);
|
WOLF_STACK_OF(X509)** chain);
|
||||||
WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx,
|
WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx,
|
||||||
|